Overview

overview

10

Static

static

3

5a9965d109...18.exe

windows7-x64

3

5a9965d109...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5a9965d1090c5c8963ee6208541138e0_JaffaCakes118

  • Size

    105KB

  • Sample

    240719-fwx65athjr

  • MD5

    5a9965d1090c5c8963ee6208541138e0

  • SHA1

    2c4488a5d2f91e54c6a70777a40120d9ad4e1d19

  • SHA256

    73085d8589b93f17ff858f1c98864cd527616426e9d3c4c7c9de51ba587aefe0

  • SHA512

    48c6d6202d5819d2773f227fa46e2ba38a0f02d6edda1f2753b3d4ea9b9fef3bc0a33a239be5e9a7f2f52c98abcde74b404143f23765e4d07be876348ec6acf9

  • SSDEEP

    3072:tff+AUTpldhukuG41s51ma+CZKDBL+bGv4dAbDRbqOYh+KSX:t3+AUTpldhbGa+C6L+bw4cRtE+

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      5a9965d1090c5c8963ee6208541138e0_JaffaCakes118

    • Size

      105KB

    • MD5

      5a9965d1090c5c8963ee6208541138e0

    • SHA1

      2c4488a5d2f91e54c6a70777a40120d9ad4e1d19

    • SHA256

      73085d8589b93f17ff858f1c98864cd527616426e9d3c4c7c9de51ba587aefe0

    • SHA512

      48c6d6202d5819d2773f227fa46e2ba38a0f02d6edda1f2753b3d4ea9b9fef3bc0a33a239be5e9a7f2f52c98abcde74b404143f23765e4d07be876348ec6acf9

    • SSDEEP

      3072:tff+AUTpldhukuG41s51ma+CZKDBL+bGv4dAbDRbqOYh+KSX:t3+AUTpldhbGa+C6L+bw4cRtE+

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks